Release Notes for Cisco TrustSec 1.0
General Deployability 2010 Release
The most current version of this document is available on Cisco.com at the following URL:
www.cisco.com/en/US/docs/switches/lan/trustsec/release/notes/rn_cts_crossplat.html
Introduction
Information on the Cisco TrustSec Solution, including overviews, datasheets, and case studies, is available at the following URL:
http://www.cisco.com/en/US/netsol/ns1051/index.html
The Cisco TrustSec Switch Configuration Guide is located at the following URL:
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/trustsec.html
For an explanation of Cisco TrustSec features, see Table 1 in the "Overview of Release Notes for Cisco TrustSec General Deployability Releases."
Supported Hardware and Software
For a complete table of features, platforms, IOS images, and servers supported for the TrustSec 1.0 release, please see the Platform Support Matrix in the Cisco TrustSec 1.0 Product Bulletin at the following URL:
http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns1051/product_bulletin_c25-616556.html
Caveats
Open Caveats - TrustSec 1.0 General Availability 2010 Release
Cisco Secure Access Control System (ACS)
•CSCte75993—ACS sends the same server list name and gen-ID when NAD switches ACS
Symptom: A Catalyst 6500 device initially attempts to access the wrong ACS server, and later continues to show that wrong server as its primary destination for TrustSec RADIUS services.
Conditions: If the server configuration is modified to point to a different ACS, the device cannot recognize that the new server has supplied an updated server list:
–Device is configured with Server A
–Env-data download from Server A returns server list named "ACSServerList1" with Server A in it
–Device's private list now contains Server A
–Server A is brought down
–Device config changed - Server A is replaced with Server B
–Server A is marked DEAD on the device's private list
–Env-data download refresh sent to Server B (public list)
–Server B returns same server list named "ACSServerList1" with same gen-ID
–Since server list name is identical and gen-ID did not change, device sees no need to download the server info and never acquires info for Server B
–Device ends up with Server A in its private list
The Catalyst 6500 gives priority to the private server list over the public list, so it attempts to use the private list without knowing that it is the wrong one.
Workaround: The Catalyst 6500 has a server-keep-alive test through which the device eventually detects that the private server is DEAD and switches to the correct configured RADIUS server, but the wrong private server remains in the "show" command output.
To work around the wrong configuration in the private list, remove the private server list and invoke a new Environment Data request.
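The sequence in this caveat can be replayed in a small model to show why the refresh is skipped and how an audit can flag the stale private list. This is an added example, not Cisco code: the class names, the server labels, the gen-ID value and the assumption that Server B's list contains Server B are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class ServerList:              # hypothetical model of an env-data server list
    name: str
    gen_id: str
    servers: tuple

@dataclass
class Device:                  # hypothetical model of the network device
    configured: str            # RADIUS server in the device config (public list)
    private: Optional[ServerList] = None   # list learned from env-data
    dead: set = field(default_factory=set)

    def refresh(self, offered: ServerList) -> bool:
        """Env-data refresh. Returns True only if the list was downloaded."""
        p = self.private
        if p and (p.name, p.gen_id) == (offered.name, offered.gen_id):
            return False       # same name and gen-ID: contents never fetched
        self.private = offered
        return True

def audit(dev: Device) -> list:
    """Flag a private list that no longer matches the configured server."""
    if dev.private is None:
        return []
    found = []
    if dev.configured not in dev.private.servers:
        found.append("configured server missing from private list")
    if all(s in dev.dead for s in dev.private.servers):
        found.append("every private-list server is marked DEAD")
    return found

def replay_caveat():
    dev = Device(configured="server-a")
    dev.refresh(ServerList("ACSServerList1", "gen-1", ("server-a",)))
    dev.dead.add("server-a")           # Server A is brought down
    dev.configured = "server-b"        # config now points at Server B
    # Assumption: Server B's list holds Server B under the same name and gen-ID.
    from_b = ServerList("ACSServerList1", "gen-1", ("server-b",))
    downloaded = dev.refresh(from_b)   # skipped
    stale = audit(dev)
    dev.private = None                 # workaround: remove the private list
    dev.refresh(from_b)                # new Environment Data request
    return downloaded, stale, audit(dev), dev.private.servers

if __name__ == "__main__":
    print(replay_caveat())
```

The audit compares the configured server against the private list contents rather than the list name and gen-ID, which is the comparison that fails to change in this caveat.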
Cisco Nexus 7000 Series Switches
Resolved Caveats
Cisco Catalyst 6500 Series Switches
Related Documentation
Release-Specific Documents
| | |
|---|---|
| | • TrustSec feature configurations for Cisco Catalyst series switches • System error messages |
| Release Notes for Cisco TrustSec 1.0 General Availability 2010 Release | • Open and resolved caveats • Current hardware support status |
Platform-Specific Documents
| | |
|---|---|
| Catalyst 3000 Series Switches | |
| | Open and resolved caveats |
| Catalyst 3560 Software Configuration Guide, Release 12.2(52)SE | 802.1x configuration procedures |
| Catalyst 3750 Switch Software Configuration Guide, 12.2(52)SE | |
| Catalyst 4500 Series Switches | |
| Release Note for the Catalyst 4500 Series Switch, Cisco IOS, 12.2EW and 12.2SG | Open and resolved caveats |
| Catalyst 4500 Series Switch Software Configuration Guide, 12.2(53)SG | 802.1x configuration procedures |
| Catalyst 6500 Series Switches | |
| Catalyst 6500 Series Release Notes for Cisco IOS Release 12.2(33)SXH and Later Releases | Open and resolved caveats |
| Catalyst 6500 Release 12.2SXH and Later Software Configuration Guide | 802.1x configuration procedures |
| Nexus 7000 Series Switches | |
| | Open and resolved caveats |
| | • TrustSec feature configurations for Cisco Nexus 7000 series switches, Release 4.1 and more recent • 802.1X configuration procedures |
| Cisco Secure Access Control System | |
| | Open and resolved caveats |
| | TrustSec configurations for Cisco ACS 5.1 and more recent |
Cisco IOS Software Documentation Set
| | |
|---|---|
| Cisco IOS Security Configuration Guide: Securing User Services | 802.1x configuration procedures |
| | Syntax and usage guidelines for TrustSec-specific and related commands |